By:
RYAN MACKIE
August 29th, 2016
NOTE: Schellman has since updated this content, which you can find here.
According to the Identity Theft Resource Center, we saw 781 data breaches in 2015 that totaled hundreds of millions of stolen records, many of which included personally identifiable information about customers—names, addresses and Social Security numbers.
Cybersecurity Assessments | Privacy Assessments
By:
AVANI DESAI
August 23rd, 2016
“Scientia potentia est”. “Knowledge is power”.
By:
DOUG KANNEY
August 18th, 2016
A recent Experian Data Breach Resolution and Ponemon Institute study discovered that 55 percent of companies have experienced a data breach due to employee error, and 60 percent of companies believe their employees do not know about the company’s security risks. Furthermore, 66 percent of survey participants admitted that employees are their biggest challenge when developing and implementing data security protocols.
Cloud Computing | SOC Examinations
By:
Chad Goubeaux
August 15th, 2016
Cloud computing has become an essential aspect of modern business operations, offering scalability, flexibility, and cost-efficiency. However, with the increased reliance on cloud services comes the growing need for security and compliance assurances. As such, Cloud Service Providers (CSPs) now face the challenge of proving they can securely handle customer data while maintaining reliable operations.
By:
AVANI DESAI
August 9th, 2016
American companies are hotfooted to clinch the new requirements of the Privacy Shield. Since the European Commission officially adopted the framework on July 12, organizations have scurried to understand the finalized principles, determine the applicability of each, and develop a plan for implementing any necessary privacy mechanisms and controls. Like most legal texts though, the Privacy Shield can be difficult to digest. Some of the principles have been significantly restructured, are riddled with stipulations and situational exceptions, and are a bit ambiguous. Our firm’s fielded an inpouring of questions looking for perspective and advice on which aspects of the Privacy Shield will be the riskiest and most burdensome. Here is my two cents’ worth on trying to prioritize and tackle some of the essentials.
Healthcare Assessments | SOC Examinations
By:
GARY NELSON
August 8th, 2016
One of my favorite quotes from Ghostbusters is the exchange between Ray Stantz and Peter Venkman:
Compliance and Certification | Education
By:
DEBBIE ZALLER
August 4th, 2016
Identifying changes that must be made is the easy part. Managing those changes successfully—not so simple! Organizations today need to be extraordinary at adapting to or influencing changes in technology, policy, and procedure. Those who adjust well aren’t fazed by the fast pace of the market or the constant evolutions in technology and security standards. Those who struggle with change constantly operate in a reactive state, and fail to properly strategize their business moves.
By:
Chad Goubeaux
August 1st, 2016
The American Institute of Certified Public Accountants (AICPA) has designed three distinguished SOC reports to accommodate the varying needs of service organizations, each with their own purpose and intended use. As such, when service organizations begin researching System and Organization Controls (SOC) reports, their first consideration often centers around determining which SOC report(s) is best for their needs.